{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T21:03:27Z","timestamp":1757624607214,"version":"3.44.0"},"reference-count":231,"publisher":"Association for Computing Machinery (ACM)","issue":"3","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2026,2,28]]},"abstract":"<jats:p>Artificial intelligence (AI) is reshaping Security Operations Centers (SOCs). This systematic literature review analyses AI\u2019s transformative impact across the NIST Cybersecurity Framework. The analysis of 189 papers related to AI use-cases for SOCs shows widespread application of AI for detection, with 65% of studies focusing on it. Yet, it also reveals deficiencies in recovery, the underutilisation of explainable AI models\u2014with 88% of studies relying on non-explainable approaches\u2014 the sporadic release of tools as open-source and an over-reliance on proprietary datasets. Common motivations for papers include efficiency, error reduction, and cost savings, with challenges in data reliance, and integration complexity.<\/jats:p>","DOI":"10.1145\/3747587","type":"journal-article","created":{"date-parts":[[2025,7,18]],"date-time":"2025-07-18T11:32:32Z","timestamp":1752838352000},"page":"1-38","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Exploring the Role of Artificial Intelligence in Enhancing Security Operations: A Systematic Review"],"prefix":"10.1145","volume":"58","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-5747-0400","authenticated-orcid":false,"given":"Despoina","family":"Giarimpampa","sequence":"first","affiliation":[{"name":"SnT, University of Luxembourg","place":["Luxembourg, Luxembourg"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8268-9037","authenticated-orcid":false,"given":"Roland","family":"Meier","sequence":"additional","affiliation":[{"name":"Cyber-Defense Campus, armasuisse","place":["Bern, Switzerland"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7270-9869","authenticated-orcid":false,"given":"Tegawend\u00e9 F.","family":"Bissyande","sequence":"additional","affiliation":[{"name":"SnT, University of Luxembourg","place":["Luxembourg, Luxembourg"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2289-3722","authenticated-orcid":false,"given":"Vincent","family":"Lenders","sequence":"additional","affiliation":[{"name":"Cyber-Defense Campus, armasuisse","place":["Bern, Switzerland"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4052-475X","authenticated-orcid":false,"given":"Jacques","family":"Klein","sequence":"additional","affiliation":[{"name":"SnT, University of Luxembourg","place":["Luxembourg, Luxembourg"]}]}],"member":"320","published-online":{"date-parts":[[2025,9,9]]},"reference":[{"key":"e_1_3_4_2_2","unstructured":"2021. The Power of Splunk. (Aug.2021). Retrieved from https:\/\/www.splunk.com\/en_us\/blog\/learn\/soc-security-operation-center.html"},{"key":"e_1_3_4_3_2","unstructured":"2024. A Realistic Cyber Defense Dataset (CSE-CIC-IDS2018)\u2014Registry of Open Data on AWS. (Dec.2024). Retrieved from https:\/\/registry.opendata.aws\/cse-cic-ids2018[Online; accessed 28. dec. 2024]."},{"key":"e_1_3_4_4_2","unstructured":"2024. core.edu.au - CORE Rankings Portal. (Nov.2024). Retrieved from https:\/\/www.core.edu.au\/conference-portal[Online; accessed 13. nov.. 2024]."},{"key":"e_1_3_4_5_2","unstructured":"2024. Cybersecurity Framework \\(\\vert\\) NIST. (Dec.2024). Retrieved from https:\/\/www.nist.gov\/cyberframework[Online; accessed 31. dec. 2024]."},{"key":"e_1_3_4_6_2","unstructured":"2025. What Is a Security Operations Center \\(\\vert\\) Cybersecurity \\(\\vert\\) CompTIA. (Jan.2025). Retrieved from https:\/\/www.comptia.org\/content\/articles\/what-is-a-security-operations-center#::text=Simply%20put%2C%20a%20security%20operations where%20SOC%20analysts%20work%20together."},{"key":"e_1_3_4_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/SSCI51031.2022.10022255"},{"key":"e_1_3_4_8_2","doi-asserted-by":"publisher","DOI":"10.1080\/23742917.2019.1698178"},{"key":"e_1_3_4_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/3579988.3585057"},{"key":"e_1_3_4_10_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103352"},{"key":"e_1_3_4_11_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-021-11073-x"},{"key":"e_1_3_4_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2018.8376209"},{"key":"e_1_3_4_13_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.118439"},{"key":"e_1_3_4_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2022.3171465"},{"key":"e_1_3_4_15_2","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-022-00133-w"},{"key":"e_1_3_4_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICDABI56818.2022.10041568"},{"key":"e_1_3_4_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2018.8587334"},{"key":"e_1_3_4_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICAIIC57133.2023.10067080"},{"key":"e_1_3_4_19_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.is.2020.101586"},{"key":"e_1_3_4_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN-W.2019.00010"},{"key":"e_1_3_4_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3204746"},{"key":"e_1_3_4_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/IDSTA55301.2022.9923050"},{"key":"e_1_3_4_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/CCWC.2019.8666477"},{"key":"e_1_3_4_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/3474718.3474723"},{"key":"e_1_3_4_25_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.01.039"},{"key":"e_1_3_4_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/WETICE.2019.00035"},{"key":"e_1_3_4_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/VTC2022-Fall57202.2022.10012736"},{"key":"e_1_3_4_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/WACVW58289.2023.00020"},{"key":"e_1_3_4_29_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.11.016"},{"key":"e_1_3_4_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/VTC2023-Spring57618.2023.10199964"},{"key":"e_1_3_4_31_2","article-title":"What security operations center SOC is  \\(\\vert\\)  fundamentals of SOC cyber security  \\(\\vert\\)  EC-council","author":"C.-Council E.","year":"2024","unstructured":"E. C.-Council. 2024. What security operations center SOC is \\(\\vert\\) fundamentals of SOC cyber security \\(\\vert\\) EC-council. Cybersecurity Exchange (March2024). Retrieved from https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/what-is-soc-security-operations-center\/#::text=A%20Security%20Operations%20Center%20(SOC,security%20systems%20in%20real%20time.","journal-title":"Cybersecurity Exchange"},{"key":"e_1_3_4_32_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSAA60987.2023.10302480"},{"key":"e_1_3_4_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM47813.2019.9020980"},{"issue":"2","key":"e_1_3_4_34_2","first-page":"790","article-title":"An explainable multi-modal hierarchical attention model for developing phishing threat intelligence","volume":"19","author":"Chai Yidong","year":"2021","unstructured":"Yidong Chai, Yonghang Zhou, Weifeng Li, and Yuanchun Jiang. 2021. An explainable multi-modal hierarchical attention model for developing phishing threat intelligence. IEEE Transactions on Dependable and Secure Computing 19, 2 (2021), 790\u2013803.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_4_35_2","doi-asserted-by":"publisher","unstructured":"Haipeng Chen Andrew Duncklee Sushil Jajodia Rui Liu Sean Mcnamara and V. S. Subrahmanian. 2022. PCAM: A data-driven probabilistic cyber-alert management framework. ACM Trans. Internet Technol. 22 3 (2022) 1\u201324. 10.1145\/3511101","DOI":"10.1145\/3511101"},{"key":"e_1_3_4_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICC45041.2023.10279722"},{"key":"e_1_3_4_37_2","doi-asserted-by":"publisher","DOI":"10.1145\/3627106.3627180"},{"key":"e_1_3_4_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3161636"},{"key":"e_1_3_4_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS53848.2021.00011"},{"key":"e_1_3_4_40_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2019.2944477"},{"key":"e_1_3_4_41_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2021.102383"},{"key":"e_1_3_4_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData50022.2020.9377825"},{"key":"e_1_3_4_43_2","doi-asserted-by":"publisher","DOI":"10.1002\/cmm4.1072"},{"key":"e_1_3_4_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData55660.2022.10020397"},{"key":"e_1_3_4_45_2","doi-asserted-by":"publisher","DOI":"10.3390\/bdcc3010006"},{"key":"e_1_3_4_46_2","article-title":"New SOC performance report: Security analysts are overworked and under resourced  \\(\\vert\\)  devo blog","year":"2023","unstructured":"Devo. 2023. New SOC performance report: Security analysts are overworked and under resourced \\(\\vert\\) devo blog. Devo (July2023). Retrieved from https:\/\/www.devo.com\/blog\/new-soc-performance-report-security-analysts-are-overworked-and-under-resourced","journal-title":"Devo"},{"key":"e_1_3_4_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2019.8852475"},{"key":"e_1_3_4_48_2","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN48605.2020.9207159"},{"key":"e_1_3_4_49_2","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOMW.2018.8644456"},{"key":"e_1_3_4_50_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006042"},{"key":"e_1_3_4_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3465749"},{"key":"e_1_3_4_52_2","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607231"},{"key":"e_1_3_4_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/UEMCON54665.2022.9965695"},{"key":"e_1_3_4_54_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8621986"},{"key":"e_1_3_4_55_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2023.103472"},{"key":"e_1_3_4_56_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2023.100966"},{"key":"e_1_3_4_57_2","doi-asserted-by":"publisher","DOI":"10.1109\/CAMAD.2019.8858166"},{"key":"e_1_3_4_58_2","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC49498.2019.9108886"},{"key":"e_1_3_4_59_2","doi-asserted-by":"publisher","DOI":"10.1109\/UKSim.2018.00018"},{"key":"e_1_3_4_60_2","doi-asserted-by":"publisher","DOI":"10.1109\/UKSim.2018.00018"},{"key":"e_1_3_4_61_2","doi-asserted-by":"publisher","unstructured":"Katheryn A. Farris Ankit Shah George Cybenko Rajesh Ganesan and Sushil Jajodia. 2018. VULCON: A system for vulnerability prioritization mitigation and management. ACM Trans. Priv. Secur. 21 4 (2018) 1\u201328. 10.1145\/3196884","DOI":"10.1145\/3196884"},{"key":"e_1_3_4_62_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3255101"},{"key":"e_1_3_4_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom50675.2020.00051"},{"key":"e_1_3_4_64_2","doi-asserted-by":"publisher","DOI":"10.1109\/CCGridW59191.2023.00018"},{"key":"e_1_3_4_65_2","doi-asserted-by":"publisher","DOI":"10.1109\/SECON.2017.7925283"},{"key":"e_1_3_4_66_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom60117.2023.00095"},{"key":"e_1_3_4_67_2","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616631"},{"key":"e_1_3_4_68_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICC45855.2022.9838748"},{"key":"e_1_3_4_69_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102259"},{"key":"e_1_3_4_70_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICOIN50884.2021.9333999"},{"key":"e_1_3_4_71_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3215267"},{"key":"e_1_3_4_72_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3171912"},{"key":"e_1_3_4_73_2","doi-asserted-by":"publisher","unstructured":"Sebastian Garcia Agustin Parmisano and Maria Jose Erquiaga. 2020. IoT-23: A labeled dataset with malicious and benign IoT network traffic. (Jan.2020). DOI:10.5281\/zenodo.4743746","DOI":"10.5281\/zenodo.4743746"},{"key":"e_1_3_4_74_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102845"},{"key":"e_1_3_4_75_2","doi-asserted-by":"publisher","unstructured":"Pierre-Francois Gimenez Jonathan Roux Eric Alata Guillaume Auriol Mohamed Kaaniche and Vincent Nicomette. 2021. RIDS: Radio intrusion detection and diagnosis system for wireless communications in smart environment. ACM Trans. Cyber-Phys. Syst. 5 3 (2021) 1\u20131. 10.1145\/3441458","DOI":"10.1145\/3441458"},{"key":"e_1_3_4_76_2","doi-asserted-by":"publisher","DOI":"10.1109\/TVCG.2018.2865029"},{"key":"e_1_3_4_77_2","doi-asserted-by":"publisher","DOI":"10.1109\/TVCG.2021.3114843"},{"key":"e_1_3_4_78_2","doi-asserted-by":"publisher","DOI":"10.23919\/CYCON.2018.8405028"},{"key":"e_1_3_4_79_2","doi-asserted-by":"publisher","DOI":"10.1109\/UEMCON51285.2020.9298167"},{"key":"e_1_3_4_80_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2022.10.024"},{"key":"e_1_3_4_81_2","doi-asserted-by":"publisher","DOI":"10.1109\/CIoT50422.2020.9244206"},{"key":"e_1_3_4_82_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006073"},{"key":"e_1_3_4_83_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3145966"},{"key":"e_1_3_4_84_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.02.020"},{"key":"e_1_3_4_85_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006391"},{"key":"e_1_3_4_86_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA55696.2022.00282"},{"key":"e_1_3_4_87_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2022.103150"},{"journal-title":"https:\/\/rapid.cis.unimelb.edu.au\/BigDataChallenge\/Tasks.html","article-title":"IEEE Big Data 2019 Big Data Cup","key":"e_1_3_4_88_2","unstructured":"IEEE. IEEE Big Data 2019 Big Data Cup. Retrieved from https:\/\/rapid.cis.unimelb.edu.au\/BigDataChallenge\/Tasks.html. (n.d.). [Accessed 28-12-2024]."},{"key":"e_1_3_4_89_2","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3543795"},{"key":"e_1_3_4_90_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2022.103370"},{"key":"e_1_3_4_91_2","doi-asserted-by":"publisher","DOI":"10.1145\/3305268"},{"key":"e_1_3_4_92_2","doi-asserted-by":"crossref","unstructured":"Danish Javeed Tianhan Gao Muhammad Shahid Saeed and Muhammad Taimoor Khan. 2023. FOG-empowered augmented-intelligence-based proactive defensive mechanism for IoT-enabled smart industries. IEEE Internet of Things Journal 10 21 (2023) 18599\u201318608.","DOI":"10.1109\/JIOT.2023.3288563"},{"key":"e_1_3_4_93_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2021.103210"},{"key":"e_1_3_4_94_2","unstructured":"JupiterOne. 2023. State of Cyber assets report. (2023). Retrieved from https:\/\/info.jupiterone.com\/hubfs\/SCAR%202023\/jupiterone_2023-state-of-cyber-assets-report_scar.pdf"},{"key":"e_1_3_4_95_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC55528.2022.9912824"},{"key":"e_1_3_4_96_2","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxz111"},{"key":"e_1_3_4_97_2","doi-asserted-by":"crossref","unstructured":"Ramanpreet Kaur Du\u0161an Gabrijel\u010di\u010d and Toma\u017e Klobu\u010dar. 2023. Artificial intelligence for cybersecurity: Literature review and future research directions. Information Fusion 97 (2023) 101804.","DOI":"10.1016\/j.inffus.2023.101804"},{"key":"e_1_3_4_98_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2023.113928"},{"key":"e_1_3_4_99_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2985367"},{"key":"e_1_3_4_100_2","doi-asserted-by":"crossref","unstructured":"Hakan Kek\u00fcl Burhan Ergen and Halil Arslan. 2021. A multiclass hybrid approach to estimating software vulnerability vectors and severity score. Journal of Information Security and Applications 63 (2021) 103028.","DOI":"10.1016\/j.jisa.2021.103028"},{"key":"e_1_3_4_101_2","doi-asserted-by":"publisher","DOI":"10.1109\/IRI51335.2021.00030"},{"key":"e_1_3_4_102_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3001374"},{"key":"e_1_3_4_103_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2986882"},{"key":"e_1_3_4_104_2","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2018.8659373"},{"issue":"1","key":"e_1_3_4_105_2","first-page":"5021125","article-title":"Comparative experiment on TTP classification with class imbalance using oversampling from CTI dataset","volume":"2022","author":"Kim Heejung","year":"2022","unstructured":"Heejung Kim and Hwankuk Kim. 2022. Comparative experiment on TTP classification with class imbalance using oversampling from CTI dataset. Security and Communication Networks 2022, 1 (2022), 5021125.","journal-title":"Security and Communication Networks"},{"key":"e_1_3_4_106_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3101257"},{"key":"e_1_3_4_107_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102789"},{"key":"e_1_3_4_108_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC48688.2020.00-42"},{"key":"e_1_3_4_109_2","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359808"},{"key":"e_1_3_4_110_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICOCO56118.2022.10032036"},{"key":"e_1_3_4_111_2","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607247"},{"key":"e_1_3_4_112_2","doi-asserted-by":"publisher","DOI":"10.1109\/AIIoT54504.2022.9817254"},{"key":"e_1_3_4_113_2","doi-asserted-by":"publisher","DOI":"10.1109\/IDAACS53288.2021.9660903"},{"key":"e_1_3_4_114_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3066957"},{"key":"e_1_3_4_115_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2953095"},{"key":"e_1_3_4_116_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00011"},{"key":"e_1_3_4_117_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACIT58888.2023.10453849"},{"key":"e_1_3_4_118_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622077"},{"key":"e_1_3_4_119_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2019.8761598"},{"key":"e_1_3_4_120_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom60117.2023.00025"},{"key":"e_1_3_4_121_2","doi-asserted-by":"publisher","DOI":"10.1109\/CCCI58712.2023.10290797"},{"key":"e_1_3_4_122_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103465"},{"key":"e_1_3_4_123_2","doi-asserted-by":"publisher","DOI":"10.1109\/AICCSA59173.2023.10479349"},{"key":"e_1_3_4_124_2","doi-asserted-by":"publisher","DOI":"10.1109\/SSCI52147.2023.10371980"},{"key":"e_1_3_4_125_2","doi-asserted-by":"publisher","DOI":"10.1145\/3600160.3600182"},{"key":"e_1_3_4_126_2","doi-asserted-by":"publisher","DOI":"10.1109\/SYNASC49474.2019.00039"},{"key":"e_1_3_4_127_2","doi-asserted-by":"crossref","unstructured":"Renato Marinho and Raimir Holanda. 2023. Automated emerging cyber threat identification and profiling based on natural language processing. IEEE Access 11 (2023) 58915\u201358936.","DOI":"10.1109\/ACCESS.2023.3260020"},{"key":"e_1_3_4_128_2","doi-asserted-by":"publisher","unstructured":"Cl\u00e1udio Martins and Ib\u00e9ria Medeiros. 2022. Generating quality threat intelligence leveraging OSINT and a cyber threat unified taxonomy. ACM Trans. Priv. Secur. 25 3 (2022) 1\u201339. 10.1145\/3530977","DOI":"10.1145\/3530977"},{"key":"e_1_3_4_129_2","unstructured":"Nestor Maslej Loredana Fattorini Erik Brynjolfsson John Etchemendy Katrina Ligett Terah Lyons James Manyika Helen Ngo Juan Carlos Niebles Vanessa Parli et\u00a0al. 2023. Artificial intelligence index report 2023. arXiv:2310.03715. Retrieved from https:\/\/arxiv.org\/abs\/2310.03715"},{"key":"e_1_3_4_130_2","doi-asserted-by":"publisher","DOI":"10.1109\/SmartNets58706.2023.10215763"},{"key":"e_1_3_4_131_2","doi-asserted-by":"publisher","DOI":"10.1109\/QRS54544.2021.00014"},{"key":"e_1_3_4_132_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2019.00064"},{"key":"e_1_3_4_133_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN-W54100.2022.00015"},{"key":"e_1_3_4_134_2","doi-asserted-by":"publisher","DOI":"10.1109\/CANDAR.2017.109"},{"key":"e_1_3_4_135_2","doi-asserted-by":"publisher","DOI":"10.1109\/CNS56114.2022.10092920"},{"key":"e_1_3_4_136_2","doi-asserted-by":"publisher","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"e_1_3_4_137_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICIMTech55957.2022.9915227"},{"key":"e_1_3_4_138_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3153716"},{"key":"e_1_3_4_139_2","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS60284.2023.00016"},{"issue":"2","key":"e_1_3_4_140_2","first-page":"731","article-title":"Alert-driven attack graph generation using s-pdfa","volume":"19","author":"Nadeem Azqa","year":"2021","unstructured":"Azqa Nadeem, Sicco Verwer, Stephen Moskal, and Shanchieh Jay Yang. 2021. Alert-driven attack graph generation using s-pdfa. IEEE Transactions on Dependable and Secure Computing 19, 2 (2021), 731\u2013746.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_4_141_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2022.3198139"},{"key":"e_1_3_4_142_2","doi-asserted-by":"publisher","DOI":"10.1109\/SMARTGENCON56628.2022.10083722"},{"key":"e_1_3_4_143_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData52589.2021.9671956"},{"key":"e_1_3_4_144_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData55660.2022.10021115"},{"key":"e_1_3_4_145_2","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS57030.2022.00011"},{"key":"e_1_3_4_146_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData59044.2023.10386263"},{"key":"e_1_3_4_147_2","doi-asserted-by":"publisher","DOI":"10.1109\/PST55820.2022.9851984"},{"key":"e_1_3_4_148_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3216617"},{"key":"e_1_3_4_149_2","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2019.8802833"},{"key":"e_1_3_4_150_2","first-page":"524","article-title":"SILU: Strategy involving large-scale unlabeled logs for improving malware detector","author":"Nishiyama Taishi","year":"2020","unstructured":"Taishi Nishiyama, Atsutoshi Kumagai, Kazunori Kamiya, and Kenji Takahashi. 2020. SILU: Strategy involving large-scale unlabeled logs for improving malware detector. 2020 IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS (ISCC), 524\u2013530. 25th IEEE Symposium on Computers and Communications (ISCC), Rennes, FRANCE, JUL 07-10, 2020.","journal-title":"2020 IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS (ISCC)"},{"key":"e_1_3_4_151_2","doi-asserted-by":"publisher","DOI":"10.1109\/SMARTTECH54121.2022.00029"},{"key":"e_1_3_4_152_2","unstructured":"Ridwan Nur Wibowo Parman Sukarno and Erwid Musthofa Jadied. 2019. NSL-KDD Dataset. https:\/\/api.semanticscholar.org\/CorpusID:198166203"},{"key":"e_1_3_4_153_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.103069"},{"key":"e_1_3_4_154_2","doi-asserted-by":"publisher","DOI":"10.1109\/CNS53000.2021.9705045"},{"key":"e_1_3_4_155_2","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274710"},{"key":"e_1_3_4_156_2","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274710"},{"key":"e_1_3_4_157_2","doi-asserted-by":"publisher","DOI":"10.1109\/IDSTA50958.2020.9264049"},{"key":"e_1_3_4_158_2","doi-asserted-by":"publisher","DOI":"10.1136\/bmj.n71"},{"key":"e_1_3_4_159_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2022.3211346"},{"key":"e_1_3_4_160_2","doi-asserted-by":"publisher","DOI":"10.1109\/I2CT51068.2021.9418136"},{"key":"e_1_3_4_161_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICAC49085.2019.9103388"},{"key":"e_1_3_4_162_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.chaos.2021.111143"},{"key":"e_1_3_4_163_2","doi-asserted-by":"publisher","DOI":"10.1145\/3341161.3343519"},{"key":"e_1_3_4_164_2","doi-asserted-by":"publisher","DOI":"10.1109\/SmartGridComm57358.2023.10333922"},{"key":"e_1_3_4_165_2","doi-asserted-by":"publisher","DOI":"10.1109\/CSR54599.2022.9850306"},{"key":"e_1_3_4_166_2","doi-asserted-by":"publisher","DOI":"10.1109\/SISY60376.2023.10417905"},{"key":"e_1_3_4_167_2","doi-asserted-by":"publisher","DOI":"10.1002\/smr.2489"},{"key":"e_1_3_4_168_2","doi-asserted-by":"publisher","DOI":"10.1057\/s41284-024-00435-3"},{"key":"e_1_3_4_169_2","doi-asserted-by":"publisher","DOI":"10.3389\/fbloc.2024.1359130"},{"key":"e_1_3_4_170_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData52589.2021.9671824"},{"key":"e_1_3_4_171_2","first-page":"151","volume-title":"International Conference on AI and the Digital Economy (CADE 2023)","volume":"2023","author":"Rani Ruby","year":"2023","unstructured":"Ruby Rani, Gregory Epiphaniou, and Carsten Maple. 2023. Reinforcement learning-based alert prioritisation in security operation centre: A framework for enhancing cybersecurity in the digital economy. In International Conference on AI and the Digital Economy (CADE 2023), Vol. 2023. IET, 151\u2013157."},{"key":"e_1_3_4_172_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICISS49785.2020.9315932"},{"key":"e_1_3_4_173_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCIS56430.2022.10037596"},{"key":"e_1_3_4_174_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103343"},{"key":"e_1_3_4_175_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3014619"},{"key":"e_1_3_4_176_2","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134645"},{"key":"e_1_3_4_177_2","unstructured":"Stuart Russell and Peter Norvig. 2021. Artificial Intelligence: A Modern Approach (4th ed.). Prentice Hall."},{"key":"e_1_3_4_178_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom50675.2020.00145"},{"key":"e_1_3_4_179_2","doi-asserted-by":"publisher","DOI":"10.1145\/3409289"},{"key":"e_1_3_4_180_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.07.015"},{"key":"e_1_3_4_181_2","doi-asserted-by":"publisher","DOI":"10.1109\/MetroXRAINE58569.2023.10405622"},{"key":"e_1_3_4_182_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2021.3117338"},{"key":"e_1_3_4_183_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCWorkshops49005.2020.9145438"},{"key":"e_1_3_4_184_2","doi-asserted-by":"publisher","DOI":"10.1002\/ett.4073"},{"key":"e_1_3_4_185_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2018.8422763"},{"key":"e_1_3_4_186_2","doi-asserted-by":"publisher","DOI":"10.1109\/PowerTech55446.2023.10202747"},{"key":"e_1_3_4_187_2","doi-asserted-by":"publisher","DOI":"10.1109\/CYBConf.2017.7985754"},{"key":"e_1_3_4_188_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377554"},{"key":"e_1_3_4_189_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3157738"},{"key":"e_1_3_4_190_2","first-page":"108","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization.","volume":"1","author":"Sharafaldin Iman","year":"2018","unstructured":"Iman Sharafaldin, Arash Habibi Lashkari, Ali A Ghorbani, et\u00a0al. 2018. Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1 (2018), 108\u2013116.","journal-title":"ICISSp"},{"key":"e_1_3_4_191_2","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2019.8888419"},{"key":"e_1_3_4_192_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-21448-6_2"},{"key":"e_1_3_4_193_2","doi-asserted-by":"publisher","DOI":"10.1145\/3338501.3357367"},{"key":"e_1_3_4_194_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3029100"},{"key":"e_1_3_4_195_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3162588"},{"key":"e_1_3_4_196_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER56733.2023.00057"},{"key":"e_1_3_4_197_2","doi-asserted-by":"publisher","unstructured":"Zarrin Tasnim Sworna Chadni Islam and Muhammad Ali Babar. 2023. APIRO: A framework for automated security tools API recommendation. ACM Trans. Softw. Eng. Methodol. 32 1 (2 2023) 1\u201342. 10.1145\/3512768","DOI":"10.1145\/3512768"},{"key":"e_1_3_4_198_2","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN48605.2020.9207199"},{"key":"e_1_3_4_199_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW.2017.111"},{"key":"e_1_3_4_200_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICMCIS.2018.8398730"},{"key":"e_1_3_4_201_2","doi-asserted-by":"publisher","DOI":"10.1109\/LCN58197.2023.10223403"},{"key":"e_1_3_4_202_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102576"},{"key":"e_1_3_4_203_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3141161"},{"key":"e_1_3_4_204_2","doi-asserted-by":"publisher","DOI":"10.1109\/UBMK52708.2021.9558964"},{"issue":"2","key":"e_1_3_4_205_2","first-page":"747","article-title":"Phishing email detection using persuasion cues","volume":"19","author":"Valecha Rohit","year":"2021","unstructured":"Rohit Valecha, Pranali Mandaokar, and H Raghav Rao. 2021. Phishing email detection using persuasion cues. IEEE Transactions on Dependable and Secure Computing 19, 2 (2021), 747\u2013756.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_4_206_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833671"},{"key":"e_1_3_4_207_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICACRS55517.2022.10029282"},{"key":"e_1_3_4_208_2","doi-asserted-by":"publisher","DOI":"10.1109\/PerComWorkshops53856.2022.9767492"},{"key":"e_1_3_4_209_2","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM52596.2021.9652916"},{"key":"e_1_3_4_210_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3045514"},{"key":"e_1_3_4_211_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006061"},{"key":"e_1_3_4_212_2","doi-asserted-by":"publisher","DOI":"10.1134\/S0361768823040126"},{"key":"e_1_3_4_213_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSGCE.2018.8556775"},{"key":"e_1_3_4_214_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006555"},{"key":"e_1_3_4_215_2","doi-asserted-by":"publisher","DOI":"10.1109\/CSCWD49262.2021.9437858"},{"key":"e_1_3_4_216_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2022.103373"},{"key":"e_1_3_4_217_2","doi-asserted-by":"publisher","DOI":"10.1109\/WETICE53228.2021.00031"},{"key":"e_1_3_4_218_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2021.08.239"},{"key":"e_1_3_4_219_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom56396.2022.00192"},{"key":"e_1_3_4_220_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9005988"},{"key":"e_1_3_4_221_2","doi-asserted-by":"publisher","DOI":"10.1145\/3349341.3349365"},{"key":"e_1_3_4_222_2","doi-asserted-by":"publisher","DOI":"10.1109\/IWQoS49365.2020.9212829"},{"key":"e_1_3_4_223_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom60117.2023.00102"},{"key":"e_1_3_4_224_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICPADS60453.2023.00250"},{"key":"e_1_3_4_225_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2922692"},{"key":"e_1_3_4_226_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102675"},{"key":"e_1_3_4_227_2","doi-asserted-by":"crossref","unstructured":"Waleed A. Yousef Issa Traor\u00e9 and William Briguglio. 2022. Classifier calibration: with application to threat scores in cybersecurity. IEEE Transactions on Dependable and Secure Computing 20 3 (2022) 1994\u20132010.","DOI":"10.1109\/TDSC.2022.3170011"},{"key":"e_1_3_4_228_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eij.2021.12.003"},{"key":"e_1_3_4_229_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833669"},{"key":"e_1_3_4_230_2","doi-asserted-by":"publisher","DOI":"10.1109\/CNS48642.2020.9162309"},{"key":"e_1_3_4_231_2","doi-asserted-by":"publisher","DOI":"10.1145\/3627106.3627126"},{"key":"e_1_3_4_232_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData59044.2023.10386715"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3747587","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T14:34:41Z","timestamp":1757428481000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3747587"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,9]]},"references-count":231,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2026,2,28]]}},"alternative-id":["10.1145\/3747587"],"URL":"https:\/\/doi.org\/10.1145\/3747587","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"type":"print","value":"0360-0300"},{"type":"electronic","value":"1557-7341"}],"subject":[],"published":{"date-parts":[[2025,9,9]]},"assertion":[{"value":"2025-02-04","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-05-18","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}